J2SE Proxy Authentication

Question

We use 2 SIMILAR Microsoft ISA Proxy Server 2003 to connect to internet. Each Proxy has different Login style, as below :

Server-1 : nt-domain\\alan Server-2 : alan@love-u.com

Logon in IE, Firefox and my Phonecell via Wifi all are fine. But, a problem appears when we run a java application J2SE Ver 4, 5 and 6, where it needs internet authentication. Logon to Server-2 is OK, but FAIL for Server-2 (style : alan@domain.com).

Note : Both proxy seen using Windows authentication, type : negotiate NTLM

Appreceate if you can help or for any suggest.

Thank you,

Alan L

Answer 1

The java documentation describes how to enable NTLM authentication in java. If you have access to source, you can programmatically add system properties as described in "proxy" article, adding something as follows (see also discussion of axis2):

System.setProperty("http.auth.ntlm.domain", mydomain);

If you have no access to source, you can set properties on the command line that launches your java binary, adding something like:

java -DproxyHost=host  -DproxyPort=8080  -Dhttp.auth.ntlm.domain=mydomain  ...

Answer 2

There are some good libraries that can help you to get over this issue. Proxy Vole (Network proxy auto detection for Java) can will help you to use the same proxy settings as Internet Explorer to authenticate via the proxy.

To provide network connectivity out of the box for you Java application you can use the Proxy - Vole library. It provides some strategies for autodetecting the current proxy settings. There are many configureable strategies to choose from. At the moment Proxy - Vole supports the following proxy detection strategies.

• Read platform settings (Supports: Windows, KDE, Gnome)
• Read browser setting (Supports: Firefox 3.x, Internet Explorer)
• Read environment variables (often used variables on Linux / Unix server systems)
• Auto detection script by using WPAD/PAC (Only some features supported)

Answer 3

Are you running an application or an applet? An applet can piggy back on the browser's proxy authentication mechanism.

I would suggest using cURL to connect through your proxy first, and view the handshake which occurs. The proxy server will offer the client a list of authentication methods.

If the user and password are fixed, you can sometimes just lift the header out from your browser session, and use that in your code. For example, I can add this header to a request, and the proxy will see me as authenticated:

Proxy-Authorization: Basic AbCdEfGhOjk==

Answer 4

Using apache-commons httpClient (version 3), I have the following code. It isn't tested well (if it is at all), but I think it worked once.. :) This is in case you can modify the programs.. if they are some 3rd party packages, nothing you can do.

String proxyHost = System.getProperty("https.proxyHost");
                int proxyPort = 0;
                try {
                    proxyPort = Integer.parseInt(System
                            .getProperty("https.proxyPort"));
                } catch (Exception ex) {
                    //
                }


            System.setProperty("java.net.useSystemProxies", "true");

            ProxySelector ps = ProxySelector.getDefault();
            List<Proxy> proxyList = ps.select(new URI(targetUrl));
            Proxy proxy = proxyList.get(0);
            if (proxy != null) {
                InetSocketAddress addr = ((InetSocketAddress) proxy
                        .address());
                if (addr != null) {
                    proxyHost = addr.getHostName();
                    proxyPort = addr.getPort();
                }
            }

            boolean useProxy = proxyHost != null && proxyHost.length() > 0;

            if (useProxy) {
                httpClient.getHostConfiguration().setProxy(proxyHost,
                        proxyPort);
            }